CVE/vulnerability
WordPress Plugin Vulnerability Exposes 23k+ Websites to Hacking
Researchers from Patchstack have warned that over 23,000 real estate websites using the popular RealHomes WordPress theme and its bundled Easy Real Estate plugin are exposed to critical security...
Cyber Crime
Credit Card Skimmer Hits WordPress Checkout Pages, Stealing Payment Data
Researchers analyzed a new stealthy credit card skimmer that targets WordPress checkout pages by injecting malicious JavaScript into the WordPress database. On checkout pages, the...
Cyber Crime
New WordPress Plugin That Weaponizes Legit Sites To Steal Customer Payment Data
Cybercriminals have developed PhishWP, a malicious WordPress plugin, to facilitate sophisticated phishing attacks, which enable attackers to create convincing replicas of legitimate payment gateways,...
CVE/vulnerability
200,000 WordPress Sites Exposed to Cyber Attack, Following Plugin Vulnerability
A critical security vulnerability has been discovered in the popular WordPress plugin Anti-Spam by CleanTalk, which is installed on over 200,000 websites.The vulnerability, which...
CVE/vulnerability
4M+ WordPress Websites to Attacks, Following Plugin Vulnerability
A critical vulnerability has been discovered in the popular "Really Simple Security" WordPress plugin, formerly known as "Really Simple SSL," putting over 4 million...
Cyber Attack
ClickFix Malware Infect Website Visitors Via Hacked WordPress Websites
Researchers have identified a new variant of the ClickFix fake browser update malware distributed through malicious WordPress plugins.These plugins, disguised as legitimate tools,...
CVE/vulnerability
Unauthenticated RCE in WordPress Plugin Exposes 100,000 WordPress Sites
A critical vulnerability has been discovered in the GiveWP plugin, a popular WordPress donation and fundraising platform.This vulnerability, CVE-2024-5932, exposes over 100,000 WordPress sites...
CVE/vulnerability
Hackers Actively Exploiting WordPress Plugin Arbitrary File Upload Vulnerability
Hackers have been actively exploiting a critical vulnerability in the WordPress plugin 简数采集器 (Keydatas).The vulnerability, CVE-2024-6220, allows unauthenticated threat actors to upload arbitrary...
Cyber Attack
SocGholish Malware Attacking Windows Users Using Fake Browser Update
The SocGholish downloader has been in operation since 2017 and it is still evolving. This malware, which poses as a browser update, is favored...
cyber security
Hackers Exploit Multiple WordPress Plugins to Hack Websites & Create Rogue Admin Accounts
Wordfence Threat Intelligence team identified a significant security breach involving multiple WordPress plugins. The initial discovery was made when the team found that the Social...
cyber security
Mal.Metrica Malware Hijacks 17,000+ WordPress Sites
Infected websites mimic legitimate human verification prompts (CAPTCHAs) to trick users, who often request seemingly innocuous clicks, resembling past CAPTCHA challenges. Clicking initiates a malicious...